RHSA-2003:085 - Security Advisory

Topic

Updated tcpdump packages are available to fix a denial of service
vulnerability in tcpdump.

[Updated 12 March 2003]
Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise
Linux WS

Description

Tcpdump is a command-line tool for monitoring network traffic.

The ISAKMP parser in tcpdump 3.6 through 3.7.1 allows remote attackers to
cause a denial of service (CPU consumption) via a certain malformed ISAKMP
packet to UDP port 500, which causes tcpdump to enter an infinite loop.

Users of tcpdump are advised to upgrade to these errata packages which
contain a patch to correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

Please note that this update is available via Red Hat Network. To use Red
Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

• Red Hat Enterprise Linux Server 2 ia64
• Red Hat Enterprise Linux Server 2 i386
• Red Hat Enterprise Linux Workstation 2 ia64
• Red Hat Enterprise Linux Workstation 2 i386

Fixes

CVEs

• CVE-2003-0108

References

(none)